NayuOS

NayuOS is an ongoing project at Nexedi: since we mainly use Chromebooks as part of our development tools, we want to have more customizable, secure and privacy-compliant devices. We only create Free Software (see our full stack) so we want to have a Free alternative for Chrome OS which fits our needs.

Security: Chrome and Chromium OS have a specific security policy, using sandboxes as a security mechanism to isolate different processes and don't let them access the file system from inside a sandbox, not having packet installation because there are web application to answer all the user's need, encrypting each user's partition independently, ... .

Price: Chromebooks are very cheap devices! The cheapest one is around $150.

Freedom: There is no tying: you won't pay a Windows license and most of them are using Coreboot instead of a proprietary BIOS! But Chrome OS's sources are not open, and that is why we prefer Chromium OS.

Speed: Chromebooks boot fast (you will mostly use the web, so there is not much on your computer anyway).

Learning: Because you have to find how to do things on the web instead of finding a command in your terminal, it is a nice way to learn modern web and become up to date on web technologies.

For whom is Chromium OS?

For developers

Chromium OS is much more developer-friendly, since there is a large range of tools for development (Python2.7, gdb, ...) and networking (tcpdump, rsync, ...) which are not available in Chrome OS. Having Python2 means that it is easy to run an HTTP server on the local network and develop web applications!

For people who care about privacy

Chromium OS is fully Open Source. This is necessary for better privacy and security: you don't have to trust Google, you can look at the code and ensure that the software does what you expect from it! However, it requires you to switch to developer mode, which is by default less secure (no more boot verification, shell in the browser and VT2 access, available root access with no password, ssh daemon running, ...) but allows you to use your device without restriction.

Of course, you still have to be careful with the location of the storage of your personal data (file system, Google's servers or your own, ...).

What is NayuOS and what are the benefits?

NayuOS is a customization of Chromium OS which is currently used by Nexedi's developers and that we want to share because it can be useful to others.

We want to improve the development environment, the usability and configuration of the system and the privacy of the users. Right now, our technical goal is to:

License

Install NayuOS

First, Find your codename of the board for your machine. If we do not support your board you can always try a generic image amd64-generic.
Second, download (and verify) the image from our repository. New builds can be found in Build Releases with links to their repositories.
Third, we provide a guide on how to Install the image on your Chromebook.

Install the image on your Chromebook

In order to install Chromium OS on you Chromebook, you will have to create a bootable USB stick. To do this, you can use:

use the pv command on any GNU/Linux (and Chrome OS, but beware that some Chromebooks can't handle disk writing correctly and crash):

sudo sh -c 'zcat your_board.nayuos.img.gz | pv > /dev/somedevice'

Once you have your image, you need to activate the developer mode on your device: generally, you have to turn your Chromebook off and hit ESC + F3 (the "reload" key) + POWER button.

You should then get a screen saying that "Chrome OS is missing or damaged", this is just an dissuasive message, hit CTRL + D and confirm by hitting ENTER that you want to enable the developer mode.

Choose to "Browse as guest" by clicking on the button in the bottom left corner of the login page.

Then, you need to allow your device to boot on USB. For that, get a shell:

by typing CTRL + ALT + T in the browser to access to the "crosh" terminal, and writing the command shell

by hitting CTRL + ALT + F2 (the "next" key), either as root or chronos

and type:

sudo crossystem dev_boot_usb=1 dev_boot_signed_only=0

Reboot and press CTRL + U at boot time to boot on USB.

Welcome into your live-USB NayuOS

You will be on a live Chromium OS system. If you want to install it for real, open a terminal (as described above with CTRL + ALT + T and "crosh" terminal) and type:

sudo /usr/sbin/chromeos-install

After installation is done, you can follow the instructions in order to boot into installed NayuOS.

Important notes

After that, don't try to turn the developer mode off (hitting SPACE at boot time), or you will have to reinstall the original Chrome OS!

If it does not boot on the live system...
If you were in developer mode under Chrome OS, you may have to switch back to normal mode (hitting space at boot time). Then, you can follow the instructions above.

Build your own image

The build process based on Buildout in our decentralized cloud technology SlapOS makes possible to build many images of NayuOS for specific boards based on the latest releases of Chromium OS.

Tips and tricks

In case you get the "Chrome OS is missing or damaged" error at boot time or if you just want to go back to your original system, it is easy to make a recovery image of your original system, with the dedicated application.

having re6st, to get IPv6 over an IPv4 network, is easy: follow instructions with the script sudo grandenet

use the command sudo chromeos-setdevpasswd to change chronos user's password so that password is asked when using sudo and passwordless root console login is disabled.

unzip with Python using the command:

python -m zipfile -e myfile.zip outputpath

create and manage LUKS-encrypted partition (change partition by the actual partition or device in /dev/):

FAQ

Q: I want to run it on a normal PC laptop. When will this option be available?

A: Some of us tried to run a "generic" version of Chromium OS on their laptop. It was not reliable because of problems due to unsupported hardware (such as trackpad issues, ...).

Q: I do not understand why do you need to make separate images for all the x86-based Chromebooks?

A: Chromium OS is optimized for each device: because the Chromium OS team know what are the hardware specifications for every board, they choose not to add such driver, ... . This is why sleep mode, sound, wifi, and so on, always work well on these devices (that you sometimes experience when using a generic GNU/Linux distribution on an ordinary laptop).

Q: What does NayuOS looks like?

A: We took a screenshot for you

Q: What can I do with NayuOS?

A: You can:

use the crosh terminal,

access your IPV6 network from anywhere, even on IPv4-only networks,

read encrypted SD-card, USB sticks,

use an online open source ERP,

access remote server with ssh command as usual,

run Python, create Flask applications, test and use them locally, ...

use or write JavaScript applications for everything else!

Q: What can't I do with NayuOS?

A: You can't:

store documents on your Chromebook (use external devices),

use Adobe Flash or proprietary codecs for multimedia (mp3, ...),

install packages (same as Chrome OS),

execute custom binary anywhere (most of the file system is mounted noexec),

use Chrome extensions and Google account for logging in.

Q: How Free are NayuOS users? Do you think someday it might be free enough to be submitted to the FSF as an approved distro?

A: Our intention is to have a fully Free (so FSF-compliant) device and Chromebooks running NayuOS or Chromium OS are relatively close to it, but:

there are unfortunately necessary microcode for the CPU, that are non-Free,

we did not recompile Coreboot, neither flashed the read-only part of the Chromebook's firmware (at least, we have not tried yet),

and zram being still in staging (in other words, it is/was not considered ready yet and on the way to become a official Linux kernel module)

dmesg | grep -i staging zram: module is from the staging directory, the quality is unknown, you have been warned.

Q: I am interested on how I can manage to add my private ssh keys to NayuOS.

A: I am using NayuOS daily, with a USB stick (some use SD cards) on which I have all the data I want to keep locally. My ssh private key is stored on it, so I just need to copy it to ~/.ssh when I need it. The device can be encrypted using cryptsetup cli.